On September 8, 2020, Microsoft released a new set of security updates as part of its monthly Patch Tuesday. A total of 129 security fixes were released, 23 of them rated critical.

Most significant vulnerabilities:

CVE-2020-1210 – the vulnerability exists when the software does not check the source code of an application package. To exploit it, an attacker must upload a specially crafted SharePoint application package to a vulnerable SharePoint instance.

CVE-2020-16875 – sending a specially crafted e-mail message to a vulnerable Exchange server may allow an attacker to execute arbitrary code in the context of the system user.

CVE-2020-0761 – an authenticated attacker can send specially crafted requests to an Active Directory integrated DNS (ADIDNS) server in order to execute arbitrary code.

Other vulnerabilities:

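Each description line below is followed by one row per CVE with these columns, in order:
CVE, Disclosed, Exploited, Exploitability (old versions), Exploitability (current version), Severity, CVSS Base (AVG), CVSS Temporal (AVG)
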
ADFS Spoofing Vulnerability
CVE-2020-0837 No No Less Likely Less Likely Important 5.0 4.5
Active Directory Information Disclosure Vulnerability
CVE-2020-0664 No No More Likely More Likely Important 6.5 5.9
CVE-2020-0856 No No More Likely More Likely Important 6.5 5.9
Active Directory Remote Code Execution Vulnerability
CVE-2020-0718 No No Less Likely Less Likely Important 8.8 7.9
CVE-2020-0761 No No Less Likely Less Likely Important 8.8 7.9
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
CVE-2020-1590 No No Less Likely Less Likely Important 5.5 5.0
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2020-1130 No No Less Likely Less Likely Important 6.6 5.9
CVE-2020-1133 No No Less Likely Less Likely Important 5.5 5.0
DirectX Elevation of Privilege Vulnerability
CVE-2020-1053 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1308 No No More Likely More Likely Important 7.0 6.3
GDI+ Remote Code Execution Vulnerability
CVE-2020-1285 No No Less Likely Less Likely Critical 8.4 7.6
Group Policy Elevation of Privilege Vulnerability
CVE-2020-1013 No No Less Likely Less Likely Important 7.5 6.7
Internet Explorer Browser Helper Object (BHO) Memory Corruption Vulnerability
CVE-2020-16884 No No Less Likely Less Likely Important 4.2 3.8
Jet Database Engine Remote Code Execution Vulnerability
CVE-2020-1039 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1074 No No Less Likely Less Likely Important 7.8 7.0
Microsoft ASP.NET Core Security Feature Bypass Vulnerability
CVE-2020-1045 No No Less Likely Less Likely Important 7.5 6.7
Microsoft Browser Memory Corruption Vulnerability
CVE-2020-0878 No No Less Likely Less Likely Critical 4.2 3.8
Microsoft COM for Windows Elevation of Privilege Vulnerability
CVE-2020-1507 No No Less Likely Less Likely Important 7.9 7.1
Microsoft COM for Windows Remote Code Execution Vulnerability
CVE-2020-0922 No No Less Likely Less Likely Critical 8.8 7.9
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
CVE-2020-16858 No No Less Likely Less Likely Important 5.4 4.9
CVE-2020-16859 No No Less Likely Less Likely Important 5.4 4.9
CVE-2020-16861 No No Less Likely Less Likely Important 5.4 4.9
CVE-2020-16864 No No Less Likely Less Likely Important 5.4 4.9
CVE-2020-16872 No No Less Likely Less Likely Important 7.6 6.8
CVE-2020-16878 No No Less Likely Less Likely Important 5.4 4.9
CVE-2020-16871 No No Less Likely Less Likely Important 5.4 4.9
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2020-16860 No No Less Likely Less Likely Important 6.8 6.1
CVE-2020-16862 No No Less Likely Less Likely Critical 7.1 6.4
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
CVE-2020-16857 No No Critical 7.1 6.4
Microsoft Excel Information Disclosure Vulnerability
CVE-2020-1224 No No Less Likely Less Likely Important 5.5 5.0
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-1193 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1332 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1335 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1594 No No Less Likely Less Likely Important 7.8 7.0
Microsoft Exchange Memory Corruption Vulnerability
CVE-2020-16875 No No Less Likely Less Likely Critical 9.1 8.2
Microsoft Graphics Component Information Disclosure Vulnerability
CVE-2020-0921 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1083 No No Less Likely Less Likely Important 5.5 5.0
Microsoft Office Information Disclosure Vulnerability
CVE-2020-16855 No No Less Likely Less Likely Important 5.5 5.0
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-1345 No No Less Likely Less Likely Important 7.4 6.7
CVE-2020-1575 No No Less Likely Less Likely Important 5.4 4.9
CVE-2020-1198 No No Important 7.4 6.7
CVE-2020-1227 No No Important 5.4 4.9
CVE-2020-1482 No No Less Likely Less Likely Important 6.3 5.7
CVE-2020-1514 No No Less Likely Less Likely Important 5.4 4.9
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-1452 No No Less Likely Less Likely Critical 8.6 7.7
CVE-2020-1453 No No Less Likely Less Likely Critical 8.6 7.7
CVE-2020-1576 No No Less Likely Less Likely Critical 8.5 7.6
CVE-2020-1200 No No Less Likely Less Likely Critical 8.6 7.7
CVE-2020-1210 No No Less Likely Less Likely Critical 9.9 8.9
CVE-2020-1595 No No Less Likely Less Likely Critical 9.9 8.9
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2020-1460 No No Less Likely Less Likely Critical 8.6 7.7
Microsoft SharePoint Server Tampering Vulnerability
CVE-2020-1440 No No Less Likely Less Likely Important 6.3 5.7
CVE-2020-1523 No No Less Likely Less Likely Important 8.9 8.0
Microsoft SharePoint Spoofing Vulnerability
CVE-2020-1205 No No Less Likely Less Likely Important 4.6 4.2
Microsoft Store Runtime Elevation of Privilege Vulnerability
CVE-2020-0766 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1146 No No Less Likely Less Likely Important 6.6 5.9
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
CVE-2020-1129 No No Less Likely Less Likely Critical 8.8 7.9
CVE-2020-1319 No No Less Likely Less Likely Critical 7.3 6.6
Microsoft Word Remote Code Execution Vulnerability
CVE-2020-1218 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1338 No No Less Likely Less Likely Important 7.8 7.0
Microsoft splwow64 Elevation of Privilege Vulnerability
CVE-2020-0790 No No Less Likely Less Likely Important 7.8 7.0
Microsoft splwow64 Information Disclosure Vulnerability
CVE-2020-0875 No No Less Likely Less Likely Important 5.5 5.0
NTFS Elevation of Privilege Vulnerability
CVE-2020-0838 No No Less Likely Less Likely Important 7.8 7.0
OneDrive for Windows Elevation of Privilege Vulnerability
CVE-2020-16851 No No Less Likely Less Likely Important 7.1 6.4
CVE-2020-16852 No No Less Likely Less Likely Important 7.1 6.4
CVE-2020-16853 No No Less Likely Less Likely Important 7.1 6.4
Projected Filesystem Information Disclosure Vulnerability
CVE-2020-16879 No No Less Likely Less Likely Important 5.5 5.0
Projected Filesystem Security Feature Bypass Vulnerability
CVE-2020-0805 No No Less Likely Less Likely Important 5.3 4.8
SQL Server Reporting Services Security Feature Bypass Vulnerability
CVE-2020-1044 No No Less Likely Less Likely Moderate 4.3 3.9
Scripting Engine Memory Corruption Vulnerability
CVE-2020-1057 No No Less Likely Less Likely Critical 4.2 3.8
CVE-2020-1172 No No Less Likely Less Likely Critical 4.2 3.8
CVE-2020-1180 No No Less Likely Less Likely Important 4.2 3.8
Shell infrastructure component Elevation of Privilege Vulnerability
CVE-2020-0870 No No Less Likely Less Likely Important 7.8 7.0
TLS Information Disclosure Vulnerability
CVE-2020-1596 No No Less Likely Less Likely Important 5.4 4.9
Visual Studio JSON Remote Code Execution Vulnerability
CVE-2020-16881 No No Less Likely Less Likely Important 7.8 7.0
Visual Studio Remote Code Execution Vulnerability
CVE-2020-16856 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-16874 No No Less Likely Less Likely Critical 7.8 7.0
Win32k Elevation of Privilege Vulnerability
CVE-2020-1245 No No More Likely More Likely Important 7.0 6.3
Win32k Information Disclosure Vulnerability
CVE-2020-0941 No No More Likely More Likely Important 5.5 5.0
CVE-2020-1250 No No Less Likely Less Likely Important 5.5 5.0
WinINet API Elevation of Privilege Vulnerability
CVE-2020-1012 No No Less Likely Less Likely Important 8.8 7.9
Windows Camera Codec Pack Remote Code Execution Vulnerability
CVE-2020-0997 No No Less Likely Less Likely Critical 7.8 7.0
Windows CloudExperienceHost Elevation of Privilege Vulnerability
CVE-2020-1471 No No Less Likely Less Likely Important 6.1 5.5
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-1115 No No More Likely More Likely Important 7.8 7.0
Windows Cryptographic Catalog Services Elevation of Privilege Vulnerability
CVE-2020-0782 No No Less Likely Less Likely Important 7.8 7.0
Windows DHCP Server Information Disclosure Vulnerability
CVE-2020-1031 No No Less Likely Less Likely Important 7.5 6.7
Windows DNS Denial of Service Vulnerability
CVE-2020-0836 No No Less Likely Less Likely Important 7.5 6.7
CVE-2020-1228 No No Less Likely Less Likely Important 7.5 6.7
Windows Defender Application Control Security Feature Bypass Vulnerability
CVE-2020-0951 No No Less Likely Less Likely Important 6.7 6.0
Windows Elevation of Privilege Vulnerability
CVE-2020-1376 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1052 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1159 No No Less Likely Less Likely Important 5.3 4.8
Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability
CVE-2020-0912 No No Less Likely Less Likely Important 7.0 6.3
Windows Function Discovery Service Elevation of Privilege Vulnerability
CVE-2020-1491 No No Less Likely Less Likely Important 7.8 7.0
Windows GDI Information Disclosure Vulnerability
CVE-2020-1256 No No Less Likely Less Likely Important 5.5 5.0
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-0998 No No Less Likely Less Likely Important 7.8 7.0
Windows Graphics Component Information Disclosure Vulnerability
CVE-2020-1091 No No Less Likely Less Likely Important 6.5 5.9
CVE-2020-1097 No No Less Likely Less Likely Important 6.5 5.9
Windows Hyper-V Denial of Service Vulnerability
CVE-2020-0890 No No Less Likely Less Likely Important 6.5 5.9
CVE-2020-0904 No No Less Likely Less Likely Important 6.5 5.9
Windows Information Disclosure Vulnerability
CVE-2020-1119 No No Less Likely Less Likely Important 5.5 5.0
Windows InstallService Elevation of Privilege Vulnerability
CVE-2020-1532 No No Less Likely Less Likely Important 7.8 7.0
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-1034 No No Less Likely Less Likely Important 6.8 6.1
Windows Kernel Information Disclosure Vulnerability
CVE-2020-1589 No No Less Likely Less Likely Important 4.4 4.0
CVE-2020-1592 No No Less Likely Less Likely Important 5.1 4.6
CVE-2020-0928 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-1033 No No Less Likely Less Likely Important 4.0 3.6
CVE-2020-16854 No No Less Likely Less Likely Important 5.5 5.0
Windows Language Pack Installer Elevation of Privilege Vulnerability
CVE-2020-1122 No No Less Likely Less Likely Important 5.5 5.0
Windows Media Audio Decoder Remote Code Execution Vulnerability
CVE-2020-1508 No No Less Likely Less Likely Critical 7.6 6.8
CVE-2020-1593 No No Less Likely Less Likely Critical 7.6 6.8
Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability
CVE-2020-0989 No No Less Likely Less Likely Important 5.5 5.0
Windows Modules Installer Elevation of Privilege Vulnerability
CVE-2020-0911 No No Less Likely Less Likely Important 7.8 7.0
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2020-1030 No No Less Likely Less Likely Important 7.8 7.0
Windows RSoP Service Application Elevation of Privilege Vulnerability
CVE-2020-0648 No No Less Likely Less Likely Important 7.8 7.0
Windows Remote Code Execution Vulnerability
CVE-2020-1252 No No Less Likely Less Likely Critical 7.8 7.0
Windows Routing Utilities Denial of Service
CVE-2020-1038 No No Less Likely Less Likely Important 5.5 5.0
Windows Runtime Elevation of Privilege Vulnerability
CVE-2020-1169 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-1303 No No Less Likely Less Likely Important 5.5 5.0
Windows Shell Infrastructure Component Elevation of Privilege Vulnerability
CVE-2020-1098 No No Less Likely Less Likely Important 7.8 7.0
Windows Start-Up Application Elevation of Privilege Vulnerability
CVE-2020-1506 No No Less Likely Less Likely Important 6.1 5.5
Windows State Repository Service Information Disclosure Vulnerability
CVE-2020-0914 No No Less Likely Less Likely Important 5.5 5.0
Windows Storage Services Elevation of Privilege Vulnerability
CVE-2020-1559 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0886 No No Less Likely Less Likely Important 7.8 7.0
Windows Text Service Module Remote Code Execution Vulnerability
CVE-2020-0908 No No Less Likely Less Likely Critical 7.5 6.7
Windows UPnP Service Elevation of Privilege Vulnerability
CVE-2020-1598 No No Less Likely Less Likely Important 6.1 5.5
Windows Win32k Elevation of Privilege Vulnerability
CVE-2020-1152 No No More Likely More Likely Important 5.8 5.2
Windows dnsrslvr.dll Elevation of Privilege Vulnerability
CVE-2020-0839 No No Less Likely Less Likely Important 7.8 7.0
Xamarin.Forms Spoofing Vulnerability
CVE-2020-16873 No No Less Likely Less Likely Important 4.7 4.4